Contents
Document Control
Change Record
Reviewers
Distribution
Using the BR.030 Business Requirements Mapping (BRM) Form
GRC Requirements for SOD and Access Controls
Business Processes: Using Access Controls and Segregation of Duties in AACG 8.5
Mapping Source Introduction 1.0
Business Requirements, Mapping and Process Steps
Proposed Solution Introduction 1.0
Best Practices
Lessons Learned
Related Information
Mapping Solution Introduction 1.0
Workaround
Application Enhancement
Reengineering Opportunity
Solution Design Document Reference
Custom Report
Interface
Customization
Mapping Source Creating Access Policies 2.0
Business Requirements Mapping and Process Steps
Proposed Solution Creating Access Policies 2.0
Best Practices
Lessons Learned
Mapping Solution Creating Access Policies 2.0
Workaround
Application Enhancement
Reengineering Opportunity
Solution Design Document Reference
Custom Report
Interface
Customization
Mapping Source Finding and Resolving Conflicts 3.0
Business Requirements Mapping and Process Steps
Proposed Solution Finding and Resolving Conflicts 3.0
Best Practices
Lessons Learned
Mapping Solution Finding and Resolving Conflicts 3.0
Workaround
Application Enhancement
Reengineering Opportunity
Solution Design Document Reference
Copyright Oracle Independent Consultants (OIC) LLC, 2008. All rights reserved.
grcim_aacg_br030_access_controls_and_sod
Page 2 of 7
Rev 1.0
Document Control
Change Record
10
Date | Author | Rel | Change Reference
07-Sep-10 | Roger Drolet | 1.0 | No previous document
Reviewers
Name | Position
Distribution
Copy No. | Name | Location
1
2
3
4
Introduction
The purpose of these audit plans and internal control questionnaires (ICQs) is to provide the audit, control
and security professional with a methodology for evaluating the subject matter of the ISACA publication
Security, Audit and Control Features Oracle E-Business Suite: A Technical and Risk Management
Guide, 2nd Edition. They examine key issues and components that need to be considered for this topic. The
review questions have been developed and reviewed with regard to COBIT 4.0. Note: The professional
should customize the audit programs and ICQs to define each specific organization's constraints, policies
and practices.
The following are included here:
Oracle Financial Accounting Business Cycle Audit Plan
Oracle Financial Accounting Business Cycle ICQ
Oracle Expenditure Business Cycle Audit Plan
Oracle Expenditure Business Cycle ICQ
Oracle Security Administration Audit Plan
Oracle Security Administration ICQ
Item # | Control Objective/Test | Comments | COBIT References
Item # | Control Objective/Test | Comments | COBIT References
Company Codes
10
Issue | Resolution | Responsibility | Target Date | Impact Date
Roger Drolet
Closed Issues
ID | Issue | Resolution | Responsibility | Target Date | Impact Date